> I would strongly urge the group not to pursue this; although it seems
> like a good/friendly thing to do, it encourages people to trust (or
> not trust) traffic by port, which is unrealistic and dangerous.
I cannot resist pointing out that this is exactly what people do with their
firewalls and content switches today. Leaving aside whether it is proper or
dangerous, "unrealistic" is thinking that people do not use TCP ports to
filter, classify and route their IP network traffic.
Indeed, one of the reasons oft-cited for SOAP over HTTP is explicitly the
fact that because many enterprise firewalls block all incoming ports other
than port 80, putting SOAP over port 80 is a win! (The "catch-22" again).
The ability to associate application expectations for traffic on a certain
TCP port is important. Yes, in itself it is not a guarantee of security or
correct application behavior -- you may still verify those expectations
(e.g., "I'm a firewall and I expect HTTP only on port 80, verify that to be
the case"), but it is a vital part of the network infrastructure today.
\\ Eugene Kuznetsov
\\ eugene@datapower.com
\\ DataPower Technology, Inc.